This is a real example that shows how the XDR solution works and why it is superior to classic antivirus software.
One of our XDR solutions detected individual activities by several legitimate applications. At first glance, nothing was suspicious. However, analysis of the records determined that these individual activities together constituted a single bundled action, and it was concluded that this was a malicious attempt to compromise a workstation and a server of critical infrastructure. One of the detected activities was a connection to a website that was not on the suspicious list and the download of malicious content, which was executed on the workstation and the server in order to obtain administrative privileges.
An ordinary, traditional antivirus program would not be able to connect several seemingly legitimate activities and conclude that, although each of them is separately confirmed as safe, together they constitute a sophisticated security threat.
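The difference between per-event verdicts and cross-event correlation can be sketched in a few lines of Python. This is an added illustration, not the XDR product's code or data from the incident: the event schema, host and application names, the four-step chain and the 10-minute window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed telemetry (not from the incident): time, host, event, app, and the
# verdict a per-event scanner gives that record in isolation.
EVENTS = [
    ("2024-01-01T09:00:05", "ws-01", "net_connect", "browser.exe", "clean"),
    ("2024-01-01T09:00:09", "ws-01", "file_download", "browser.exe", "clean"),
    ("2024-01-01T09:01:30", "ws-01", "process_exec", "script-host.exe", "clean"),
    ("2024-01-01T09:02:10", "ws-01", "admin_request", "script-host.exe", "clean"),
    ("2024-01-01T09:04:00", "srv-01", "net_connect", "updater.exe", "clean"),
    ("2024-01-01T09:04:03", "srv-01", "file_download", "updater.exe", "clean"),
    ("2024-01-01T09:05:20", "srv-01", "process_exec", "script-host.exe", "clean"),
    ("2024-01-01T09:06:00", "srv-01", "admin_request", "script-host.exe", "clean"),
    ("2024-01-01T09:10:00", "ws-02", "net_connect", "browser.exe", "clean"),
    ("2024-01-01T09:10:04", "ws-02", "file_download", "browser.exe", "clean"),
    ("2024-01-01T08:00:00", "ws-03", "net_connect", "browser.exe", "clean"),
    ("2024-01-01T08:01:00", "ws-03", "file_download", "browser.exe", "clean"),
    ("2024-01-01T11:00:00", "ws-03", "process_exec", "installer.exe", "clean"),
    ("2024-01-01T11:01:00", "ws-03", "admin_request", "installer.exe", "clean"),
]
CHAIN = ("net_connect", "file_download", "process_exec", "admin_request")
WINDOW = timedelta(minutes=10)  # assumed correlation window

def per_event_alerts(events):
    """What a per-event scanner reports: only records flagged on their own."""
    return [e for e in events if e[4] != "clean"]

def correlate(events, chain=CHAIN, window=WINDOW):
    """Map host -> (first, last) time where the whole chain occurs in order within window."""
    by_host = {}
    for ts, host, kind, _app, _verdict in sorted(events):
        by_host.setdefault(host, []).append((datetime.fromisoformat(ts), kind))
    hits = {}
    for host, evs in by_host.items():
        for i, (start, kind) in enumerate(evs):
            if kind != chain[0]:
                continue
            step, last = 1, start
            for t, k in evs[i + 1:]:
                if t - start > window:
                    break  # chain did not complete inside the window
                if k == chain[step]:
                    step, last = step + 1, t
                    if step == len(chain):
                        hits[host] = (start, last)
                        break
            if host in hits:
                break
    return hits
```

On this sample, `per_event_alerts(EVENTS)` is empty while `correlate(EVENTS)` flags `ws-01` and `srv-01`; `ws-02` (download only) and `ws-03` (same steps spread over hours) are not flagged.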